Google Cloud CDN Signed URL using Node.js

Code to generate Google Cloud CDN Signed URLs using Node.js

Jun 14, 2025

const crypto = require('crypto');

/**
 * Generates a Cloud CDN signed URL using HMAC-SHA1
 * @param {string} url - Resource URL (must start with https://)
 * @param {string} keyName - CDN key name configured in Google Cloud
 * @param {Buffer} key - 16-byte symmetric key (raw binary format)
 * @param {number} expiresInSeconds - URL validity duration
 * @returns {string} Signed URL
 */
function generateSignedUrl(url, keyName, key, expiresInSeconds) {
    const expiration = Math.floor(Date.now() / 1000) + expiresInSeconds;
    const separator = url.includes('?') ? '&' : '?';
    const urlToSign = `${url}${separator}Expires=${expiration}&KeyName=${keyName}`;
    
    // Create HMAC-SHA1 signature
    const hmac = crypto.createHmac('sha1', key);
    hmac.update(urlToSign);
    const signature = hmac.digest('base64url');  // URL-safe base64
    
    return `${urlToSign}&Signature=${signature}`;
}

// Example usage
const key = Buffer.from('YOUR_BASE64URL_KEY', 'base64url'); // 16-byte key
const signedUrl = generateSignedUrl(
    'https://cdn.example.com/path/to/file.jpg',
    'cdn-signing-key',
    key,
    600 // 10 minutes validity
);
console.log(signedUrl);

Raj’s Substack

Discussion about this post